6294 matches found
K000149612: Apache OFBiz vulnerability CVE-2023-50968
Security Advisory Description Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to...
K000149538: GNU gettext vulnerability CVE-2018-18751
Security Advisory Description An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt. CVE-2018-18751 Impact There is no impact; F5 products are not...
K000149537: AsyncHttpClient vulnerability CVE-2024-53990
Security Advisory Description The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly...
K000149511: Oracle Java vulnerability CVE-2025-21502
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK:...
K000149484: Linux kernel vulnerability CVE-2024-40998
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimitstate-lock access in ext4fillsuper In the following concurrency we will access the uninitialized rs-lock: ext4fillsuper ext4registersysfs // sysfs registered...
K000149485: cURL vulnerability CVE-2024-11053
Security Advisory Description When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches th...
K000149383: Qt vulnerabilities CVE-2023-32763
Security Advisory Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. CVE-2023-32763 Impact There is no impact; F5 products are not...
K000149382: Linux kernel vulnerability CVE-2024-35884
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause...
K000149333: Apache Tomcat vulnerability CVE-2024-52316
Security Advisory Description Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP stat...
K000149331: OpenSSL vulnerability CVE-2024-9143
Security Advisory Description Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility o...
K000149329: PostgreSQL vulnerabilities CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, and CVE-2014-0063
Security Advisory Description CVE-2014-0060 PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users t...
K000149306: OpenSSL vulnerability CVE-2024-4603
Security Advisory Description Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or...
K000149288: libssh vulnerabilities CVE-2019-3859 and CVE-2019-3860
Security Advisory Description CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
K000149289: Apache Traffic Control vulnerability CVE-2024-45387
Security Advisory Description An SQL injection vulnerability in Traffic Ops in Apache Traffic Control = 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request...
K000149275: Apache Tomcat vulnerability CVE-2024-54677
Security Advisory Description Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. User...
K000149272: Linux kernel vulnerability CVE-2022-48773
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate If there are failures then we must not leave the non-NULL pointers with the error value, otherwise rpcrdmaepdestroy gets confused and...
K000149270: Apache Xerces vulnerability CVE-2023-37536
Security Advisory Description An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. CVE-2023-37536 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K000149248: Java vulnerability CVE-2024-21210
Security Advisory Description Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
K000149247: Apache tomcat vulnerability CVE-2024-56337
Security Advisory Description Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users...
K000149184: Python vulnerabilities CVE-2022-26488, CVE-2019-16056, and CVE-2019-5010
Security Advisory Description CVE-2022-26488 In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must...
K000149183: PostgreSQL vulnerabilities CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, and CVE-2014-0067
Security Advisory Description CVE-2014-0064 Multiple integer overflows in the pathin and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and...
K000149130: c-ares vulnerability CVE-2017-1000381
Security Advisory Description The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Impact An authenticated...
K000149093: Apache Struts vulnerability CVE-2024-53677
Security Advisory Description File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apach...
K000149092: PostgreSQL vulnerability CVE-2024-10978
Security Advisory Description Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises wh...
K000149074: ZeroMQ vulnerabilities CVE-2014-9721 and CVE-2021-20236
Security Advisory Description CVE-2014-9721 libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. CVE-2021-20236 A flaw was found in the ZeroMQ server in versions before 4.3....
K000149068: Multiple PostGreSQL vulnerabilities
Security Advisory Description CVE-2017-7485 In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle...
K000149073: PostgreSQL vulnerabilities CVE-2021-3393, CVE-2015-5289, and CVE-2017-8806
Security Advisory Description CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose...
K000149072: PostgreSQL vulnerabilities CVE-2015-5288, CVE-2015-3165, CVE-2014-8161, and CVE-2014-2669
Security Advisory Description CVE-2015-5288 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a...
K000149027: Java vulnerability CVE-2024-21208
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM fo...
K000148969: Python vulnerability CVE-2024-7592
Security Advisory Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity,...
K000148958: Spring WebFlux vulnerability CVE-2024-38821
Security Advisory Description Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's...
K000148956: c-ares vulnerability CVE-2016-5180
Security Advisory Description Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot. CVE-2016-5180 Impact There ...
K000148931: Linux kernel vulnerability CVE-2024-26923
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that...
K000148896: Intel SGX vulnerability CVE-2023-43753
Security Advisory Description Improper conditions check in some IntelR Processors with IntelR SGX may allow a privileged user to potentially enable information disclosure via local access. CVE-2023-43753 Impact A local authenticated attacker can exploit the vulnerability to enable information...
K000148899: PostgreSQL vulnerabilities CVE-2018-1058, CVE-2018-1053, CVE-2017-7547, CVE-2017-7486, and CVE-2017-7484
Security Advisory Description CVE-2018-1058 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are...
K000148898: PostgreSQL vulnerabilities CVE-2021-23214, CVE-2019-9193, CVE-2019-10210, CVE-2019-10128, and CVE-2019-10127
Security Advisory Description CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL...
K000148897: Sudo vulnerability CVE-2019-19232
Security Advisory Description In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because...
K000148895: Intel UEFI firmware vulnerabilities CVE-2023-2235, CVE-2023-23904, and CVE-2023-25546
Security Advisory Description CVE-2023-22351 Out-of-bounds write in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-23904 NULL pointer dereference in the UEFI firmware for some IntelR Processors may allo...
K000148871: PostgreSQL vulnerability CVE-2024-4317
Security Advisory Description Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...
K000148830: Linux kernel vulnerabilities CVE-2024-41090 and CVE-2024-41091
Security Advisory Description CVE-2024-41090 In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tapgetuserxdp path, which could cause a corrupted skb to ...
K000148833: Intel Processor (SPP) vulnerabilities CVE-2024-36242 and CVE-2024-38660
Security Advisory Description CVE-2024-36242 Protection mechanism failure in the SPP for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2024-38660 Protection mechanism failure in the SPP for some IntelR XeonR processor...
K000148809: Qt vulnerabilities CVE-2023-38197 and CVE-2023-37369
Security Advisory Description CVE-2023-38197 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2,...
K000148689: Qt vulnerability CVE-2023-32762
Security Advisory Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the...
K000148768: Curl vulnerability CVE-2024-0853
Security Advisory Description curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status...
K000148743: MySQL vulnerability CVE-2024-21101
Security Advisory Description Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attack...
K000148692: Qt vulnerability CVE-2023-34410
Security Advisory Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. CVE-2023-34410 Impact This vulnerability allows a...
K000148690: Qt vulnerability CVE-2023-32573
Security Advisory Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573 Impact A remote attacker may be able to cause a denial-of-service DoS on the system. Security Advisor...
K000148716: REXML vulnerability CVE-2024-41123
Security Advisory Description REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities...
K000148713: libssh2 vulnerabilities CVE-2019-3858 and CVE-2019-3862
Security Advisory Description CVE-2019-3858 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
K000148709: Multiple Intel Ethernet Controllers and Adapters vulnerabilities
Security Advisory Description CVE-2024-21806 Improper conditions check in Linux kernel mode driver for some IntelR Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-21807...